package com.whyc.filter;
import com.whyc.constant.YamlProperties;
import com.whyc.pojo.db_user.User;
import javax.servlet.*;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
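/**
 * Access-control filter: when the application runs under the {@code prod} profile,
 * requests that need a login but carry no {@code "user"} session attribute are
 * answered with HTTP 401 instead of being passed down the chain.
 *
 * <p>A request is passed through without a logged-in user when any of these holds:
 * <ul>
 *   <li>the profile is not {@code prod} (authentication is not enforced at all);</li>
 *   <li>the request path contains a {@code '.'} (treated as a static resource);</li>
 *   <li>the servlet path is exactly {@code "/"};</li>
 *   <li>the path contains one of {@link #ANONYMOUS_URI_FRAGMENTS};</li>
 *   <li>the HTTP method is {@code OPTIONS}.</li>
 * </ul>
 *
 * <p>NOTE(review): {@code @WebFilter} is declared without {@code urlPatterns}; confirm
 * that the deployment actually maps this filter to every protected path.
 *
 * <p>NOTE(review): enforcement depends on {@code YamlProperties.profileType} being
 * {@code "prod"}; any other value disables the check. Confirm that production
 * deployments cannot start with a different profile value.
 */
@WebFilter
public class AccessFilter implements Filter {

    /**
     * URI fragments of endpoints that must stay reachable before login.
     *
     * <p>NOTE(review): these are matched as substrings anywhere in the path, so any
     * route whose path happens to contain one of them is also exempt. Exact matching
     * against the known endpoint paths would be tighter; the full paths are not
     * visible in this file, so the substring semantics are kept.
     */
    private static final String[] ANONYMOUS_URI_FRAGMENTS = {
        // login page endpoints
        "login/login",
        "loginByRSA",
        // WebSocket: same account logged in from another host
        "loginCheck",
        // software upgrade application request
        "software/upgradeApply",
    };

    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
        // No initialisation needed.
    }

    /**
     * Rejects the request with 401 when a login is required and no user is stored in
     * the session; otherwise continues the filter chain.
     *
     * @param servletRequest  incoming request; cast to {@link HttpServletRequest}
     * @param servletResponse outgoing response; cast to {@link HttpServletResponse}
     * @param filterChain     remainder of the chain, invoked when the request is allowed
     * @throws IOException      if writing the 401 body or the downstream chain fails
     * @throws ServletException if the downstream chain fails
     */
    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) servletRequest;
        HttpServletResponse response = (HttpServletResponse) servletResponse;

        // Authentication is only enforced under the "prod" profile.
        if (YamlProperties.profileType.equals("prod")
                && requiresLogin(request)
                && currentUser(request) == null) {
            // Unauthenticated access to a protected endpoint.
            response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
            response.setContentType("text/html;charset=utf-8");
            response.getWriter().write("非法请求,身份未验证");
            return;
        }

        filterChain.doFilter(servletRequest, servletResponse);
    }

    /**
     * Decides whether the request must come from a logged-in user.
     *
     * <p>The checks run on the request URI with {@code ';'} path parameters removed:
     * {@code getRequestURI()} returns them verbatim, but they are not part of the path
     * the container maps to a servlet, so they must not be able to satisfy the
     * static-resource or anonymous-endpoint exemptions.
     */
    private static boolean requiresLogin(HttpServletRequest request) {
        String path = stripPathParameters(request.getRequestURI());

        // NOTE(review): a '.' anywhere in the path is treated as a static resource and
        // skips authentication. An explicit list of static prefixes or extensions
        // would be narrower; the set of static assets is not visible here.
        if (path.contains(".") || request.getServletPath().equals("/")) {
            return false;
        }
        // OPTIONS requests are always allowed through; equalsIgnoreCase avoids the
        // locale-sensitive toUpperCase() conversion.
        if ("OPTIONS".equalsIgnoreCase(request.getMethod())) {
            return false;
        }
        for (String fragment : ANONYMOUS_URI_FRAGMENTS) {
            if (path.contains(fragment)) {
                return false;
            }
        }
        return true;
    }

    /**
     * Returns the user stored under the {@code "user"} session attribute, or
     * {@code null} when there is no session or no such attribute.
     *
     * <p>Uses {@code getSession(false)} so that unauthenticated requests do not
     * allocate a new server-side session.
     */
    private static User currentUser(HttpServletRequest request) {
        javax.servlet.http.HttpSession session = request.getSession(false);
        return session == null ? null : (User) session.getAttribute("user");
    }

    /**
     * Removes path parameters from a request URI: in every path segment, everything
     * from the first {@code ';'} up to the next {@code '/'} is dropped.
     *
     * @param uri raw request URI as returned by {@code getRequestURI()}
     * @return the URI without path parameters; {@code uri} itself when it has none
     */
    private static String stripPathParameters(String uri) {
        if (uri.indexOf(';') < 0) {
            return uri;
        }
        StringBuilder cleaned = new StringBuilder(uri.length());
        boolean inParameter = false;
        for (int i = 0; i < uri.length(); i++) {
            char c = uri.charAt(i);
            if (c == '/') {
                inParameter = false;
            } else if (c == ';') {
                inParameter = true;
            }
            if (!inParameter) {
                cleaned.append(c);
            }
        }
        return cleaned.toString();
    }

    /**
     * Counts how many times {@code charValue} occurs in {@code target}.
     * Not called anywhere in this class.
     *
     * @param target    string to scan
     * @param charValue character to count
     * @return number of occurrences
     */
    private int count(String target,char charValue){
        int count = 0;
        for (char ch : target.toCharArray()){
            if(charValue == ch){
                count++;
            }
        }
        return count;
    }

    @Override
    public void destroy() {
        // Nothing to release.
    }
}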